Tuesday, November 13, 2018

Cyber Security P1

  Cyber Security


Introduction

Cyber Security is “the security of information and its communicating channels as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet as a whole.”

The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters. The term “Cyber-Security” encompasses a range of issues from Cyber-crime to Cyber-warfare.

Cyber security is a complex issue that cuts across multiple domains and calls for multi-dimensional, multilayered initiatives and responses. It has proved a challenge for governments all around the world. The task is made difficult by the inchoate and diffuse nature of the threats and the inability to frame an adequate response in the absence of tangible perpetrators. The rapid development of information technology (IT) and the relative ease with which applications can be commercialized have seen the use of cyberspace expand dramatically in its brief existence. From its initial avatar as a network created by academics for the use of the military, it has now become a global communications platform for socio-economic issues as well as for commercial and social purposes.

The increasing centrality of cyberspace to human existence is exemplified by facts and figures brought out recently by the International Telecommunications Union (ITU), according to which:

- The number of Internet users has doubled between 2005 and 2010 and surpasses 2 billion.
- Users are connecting through a range of devices from the personal computer (PC) to the mobile phone, and using the Internet for a variety of purposes from communication to e-commerce, to data storage for several services.

The rise in the Internet population has meant that while the threats and vulnerabilities inherent to the Internet and cyberspace might have remained more or less the same as before, the  probability of disruption has grown apace with the rise in the number of users. While such disruptions are yet to cause permanent or grievous damage worldwide, they serve as a wake-up call to the authorities concerned to initiate measures to improve the security and stability of cyberspace in terms of their own security. Governments are constrained in their responses by pressures exerted by politico-military-national security actors at one end and economic-civil society actors at the other.

THE INDIAN CYBERSPACE

- The National Informatics Centre (NIC) was set up as early as 1975 with the goal of providing IT solutions to the government.
- Between 1986 and 1988, three networks were set up:
  - INDONET, connecting the IBM mainframe installations that made up India’s computer infrastructure;
  - NICNET (the NIC Network), a nationwide very small aperture terminal (VSAT) network for public sector organisations as well as to connect the central government with the state governments and district administrations;
  - The Education and Research Network (ERNET), to serve the academic and research communities.

Policies such as the New Internet Policy of 1998 paved the way for multiple Internet service providers (ISPs) and saw the Internet user base grow from 1.4 million in 1999 to over 15 million by 2003.



INDIAN PRESENCE IN INTERNET / AVENUES OF VULNERABILITY IN CYBER SPACE / INDIAN STAKES AT RISK IN CYBER SPACE

As per a World Bank report:

- By June 2012, Internet users in India were approx. 12.5% of the total population (approx. 137 million).

According to the Internet and Mobile Association of India (IAMAI):

- The internet user base in India is projected to touch 243 million by June 2014, with a year-on-year growth of 28%.

This exponential growth is expected to continue in the near future, with more and more people accessing the web through mobile phones and tablets, and with the government making a determined push to increase broadband (>4 Mbps) penetration from its present level of about 6%.

NATIONAL E-GOVERNANCE PLAN (NeGP)

Even though the Indian government was a late convert to computerization, there has been an increasing thrust on e-governance, seen as a cost-effective way of taking public services to the masses across the country.

- The two top email providers, Gmail and Yahoo, had over 34 million users registered from India.
- 62% of Internet users in India use Gmail.
- India’s average connection speed is 1.3 Mbps (Nov 2013), the lowest among Asian countries. Compare that to China’s 8.3 Mbps and South Korea’s 14.2 Mbps.
- Only 2.4% of India’s Internet connections have speeds >4 Mbps and barely 0.3% have 10 Mbps or higher.

Critical sectors such as Defence, Energy, Finance, Space, Telecommunications, Transport, Land Records, Public Essential Services and Utilities, Law Enforcement and Security all increasingly depend on N/Ws to relay data, for communication purposes and for commercial transactions.

The National e-Governance Program (NeGP) is one of the most ambitious in the world and seeks to provide more than 1200 governmental services online. Schemes like the ‘Rajiv Gandhi scheme for broadband to PRIs’ and the National Optic Fiber Network (NOFN) mission are already dedicated to accelerating cyber connectivity in far-reaching areas of the country.

- Under the National Broadband Plan, the target for broadband is 160 million households by 2016.
- Despite the low numbers in relation to the population, Indians have been active users of the Internet across various segments.
- Similar levels of penetration have also been seen in the social networking arena, which is the most recent entrant to the cyber platform. India currently has the fastest growing user base for Facebook and Twitter, the two top social networking sites.

CONTRIBUTION OF E-COMMERCE TO ECONOMY

The number of Internet users in India increased from 1.4 million in 1998 to 100 million in 2010. Internet penetration during this period rose from 0.1% to 8.5%.

In terms of contribution to the economy,

- The contribution of the IT-ITES (BPO) industry to GDP increased from 5.2% in FY06 to around 8.0% in FY13.
- The ICT sector has grown at an annual compounded rate of 33% over the last decade.
- An indication of the rapid pace of adaptation to the Internet in India is that Indian Railways, India’s top e-commerce retailer, saw its online sales go up from 19 million tickets in 2008 to 44 million in 2009, with a value of Rs. 3800 crore ($875 million).
- The size of India's e-commerce market in 2013 was around $13 billion, according to a joint report of KPMG and the Internet and Mobile Association of India (IAMAI).
- As per the same report, the e-commerce business in India is expected to reach around $50-70 billion by 2020 on the back of a fast growing internet-connected population and improvement in related infrastructure like payment and delivery systems.
- Currently estimated at $2.3 billion (about Rs 13,800 crores), online retailing is expected to gallop to almost $38 billion (Rs 2.27 lakh crores) in the next five years.

As India progresses, its reliance on the Internet will increase at a rapid pace. Globalization and governance require a wired society. Along with this, India’s vulnerability to the threat of Information War (IW) will become greater. This danger must be foreseen and planned for.

CYBER THREATS

As we grow more dependent on the Internet for our daily activities, we also become more vulnerable to any disruptions caused in and through cyberspace. The rapidity with which this sector has grown has meant that governments and private companies are still trying to figure out both the scope and meaning of security in cyberspace and apportioning responsibility.

Cyber threats can be disaggregated, based on the perpetrators and their motives, into four baskets:

1.   Cyber Espionage
2.   Cyber Crime
3.   Cyber Terrorism
4.   Cyber Warfare

Cyber Espionage

Cyber espionage is “the act or practice of obtaining secret information without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware.”

Simply said, as per Oxford dictionary, Cyber espionage is “The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.”

Instances of cyber espionage are becoming quite common, with regular reports of thousands of megabytes of data and intellectual property worth millions being exfiltrated from the websites and networks of both government and private enterprises. More recently, cyber spying has also come to involve analysis of public activity on social networking sites like Facebook and Twitter. While government websites and networks in India have been breached, the private sector claims that it has not been similarly affected. Companies are also reluctant to disclose any attacks and exfiltration of data, both because they could be held liable by their clients and because they may suffer a resultant loss of public confidence. As far as infiltration of government networks and computers is concerned, cyber espionage has all but made the Official Secrets Act, 1923 redundant, with even the computers in the Prime Minister’s Office being accessed, according to reports.

The multiplicity of malevolent actors, ranging from state-sponsored to ‘hacktivists’, makes attribution difficult; governments currently can only establish measures and protocols to ensure Confidentiality, Integrity and Availability (CIA) of data.

Lately, it has been suggested to go on the offensive against cyber spies and cyber criminals, who are often acting in tandem with each other. But offence is not necessarily the best form of defence in the case of cyber security, as perpetrators do not have much to lose compared to their counterparts in government.


The US DoJ (Department of Justice) brought its first-ever cyber-espionage case against Chinese officials in May 2014. Chinese officials have been charged with hacking into major U.S. companies to steal trade secrets. China, though, refuted the charges immediately.

Cyber Crime/ Cyber Attacks

Cyber-attack is “any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks with an intention to damage or destroy targeted computer network or system.”
These attacks can be labeled either as Cyber-campaign, Cyber-warfare or Cyber-terrorism depending upon the context, scale and severity of attacks. Cyber-attacks can range from installing spyware on a PC to attempts to destroy the critical infrastructure of entire nations.

The increasing online population has proved a happy hunting ground for cyber criminals, with losses due to cyber-crime being in billions of dollars worldwide.

While other countries are reporting enormous losses to cyber-crime, as well as threats to enterprises and critical information infrastructure (CII), there are hardly any such reports coming out of India other than those relating to cyber espionage.

- Though the report of the National Crime Records Bureau (NCRB) in 2010 reported an increase of 50% in cyber-crime over the previous year, the numbers were quite small in absolute terms.
- On 12 July 2012, a high profile cyber-attack breached the email accounts of about 12,000 people, including those of officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP).
- In February 2013, the Executive Director of the Nuclear Power Corporation of India (NPCIL) stated that his company alone was forced to block up to ten targeted attacks a day.

Similarly, there are relatively few reports of Indian companies suffering cyber security breaches of the sort reported elsewhere. Industry bodies such as the National Association of Software and Services Companies (NASSCOM) also attribute this to the fact that they have been at the forefront of spreading information security awareness amongst their constituents, with initiatives such as the establishment of the Data Security Council of India (DSCI) and the National Skills Registry. The Indian government has also aided these initiatives in a variety of ways, including deputing a senior police officer to NASSCOM to work on cyber security issues, keeping the needs of the outsourcing industry in mind.

That said, cyberspace is increasingly being used for various criminal activities and different types of cyber-crimes, causing huge financial losses to both businesses and individuals.

Organised crime mafia have been drawn to cyberspace, and this is being reflected in cyber-crimes gradually shifting from random attacks to direct (targeted) attacks. A cyber underground economy is flourishing, based on an ecosystem facilitated by exploitation of zero-day vulnerabilities, attack tool kits and botnets. The vast amount of money lubricating this ecosystem is leading to increased sophistication of malicious code such as worms and Trojans. The creation of sophisticated information-stealing malware is facilitated by toolkits such as ZeuS, which are sold on the Internet for a few thousand dollars.

While large enterprises are ploughing more resources into digital security, it is the small enterprises and individuals that are falling prey to cyber-crime, as evinced by the increasing number of complaints on consumer complaint forums.

The low levels of computer security are also apparent in recurring statistics that show that India is the third-largest generator of spam worldwide, accounting for 35% of spam zombies and 11% of phishing hosts in the Asia-Pacific-Japan region.

A continuing trend for Internet users in India was that of the threat landscape being heavily infested with worms and viruses. The percentage of worms and viruses in India was significantly higher than the Asia-Pacific regional average.

METHODS OF ATTACKS

The most popular weapon in cyber terrorism is the use of computer viruses and worms. Yet these attacks can be classified into three different categories:

1.   Physical Attack - using conventional methods like bombs, fire etc. to harm the cyber infrastructure.
2.   Syntactic Attack - The computer infrastructure is damaged by modifying the logic of the system in order to introduce delay or make the system unpredictable. Computer viruses and Trojans are used in this type of attack.
3.   Semantic Attack - This is more treacherous as it exploits the confidence of the user in the system. During the attack, the information keyed into the system while entering and exiting it is modified without the user’s knowledge in order to induce errors.

TOOLS OF CYBER ATTACKS

Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts. They exploit the weaknesses in software and hardware design through the use of malware.

1.   Bluetooth hijacking – (also called “Bluejacking”) is an attack conducted on Bluetooth-enabled mobile devices, such as cellular telephones, smart phones, and PDAs.
2.   Botnet - A botnet (a contraction of the term "RoBOT NETwork") is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks, e.g. distributing malware, spam, and phishing scams.
     a.   A network of compromised computers that are remotely controlled by malicious agents. They are used to send massive quantities of spam e-mail messages and to co-ordinate distributed denial-of-service (DDoS) attacks.
3.   Browser hijacking - is the unintended modification of a web browser's settings by malware. The term "hijacking" is used as the changes are performed without the user's permission. Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.
4.   Denial of service (DoS) - an attack that prevents or impairs the authorized use of information system resources or services. These attacks are used to overwhelm the targeted websites. Attacks are aimed at denying authorized persons access to a computer or computer network.
5.   Distributed denial-of-service (DDoS) - is a variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than a single source. It often makes use of worms to spread to multiple computers that can then attack the target.
6.   E-mail address harvesting - obtaining an electronic mail address using an automated means from an Internet website or proprietary online service operated by another person.
7.   E-mail related crime - Usually worms and viruses have to attach themselves to a host programme to be injected. Certain emails are used as hosts by viruses and worms. E-mails are also used for spreading disinformation, threats and defamatory content.
     a.   Cyber criminals are using innovative social engineering techniques through spam, phishing and social networking sites to steal sensitive user information to conduct various crimes, ranging from abuse to financial frauds to cyber espionage. E.g. the Nigerian email asking for a bank account to transfer lots of money. Tempting emails about the user winning a lottery or a lucky draw have been a few famous tricks.
8.   Exploit tools - publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain access into targeted systems.
9.   Hacking - The most popular method used by a terrorist. It is a generic term used for any kind of unauthorized access to a computer or a network of computers. Some ingredient technologies like packet sniffing, tempest attack, password cracking and buffer overflow facilitate hacking and identity theft.
10. Logic bomb - a computer program, which may perform some useful function, but which contains hidden code which, when activated, may destroy data, reformat a hard disk or randomly insert garbage into data files.
11. Identity theft - Obtaining and unlawfully possessing identity information of someone with the intent to use the information deceptively, dishonestly or fraudulently in the commission of a crime.
12. Keyboard logging - is software that captures and "logs" every keystroke typed on a particular keyboard.
13. Macro virus – is a program or code segment (can be called a virus) written in the application's internal macro language.
14. Malware - (a concatenation of malicious software) a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system (OS) or of otherwise annoying or disrupting the victim.
15. Pharming – is a method used by phishers to deceive users into believing that they are communicating with a legitimate Web site. Pharming uses a variety of technical methods to redirect a user to a fraudulent or spoofed Web site when the user types a legitimate Web address.
16. Phishing - refers to a social engineering attack, where someone misrepresents their identity or authority in order to induce another person to provide personally identifiable information (PII) over the Internet.
17. Rootkit – is a set of tools used by an attacker after gaining root-level access to a host to conceal the attacker's activities on the host and permit the attacker to maintain root-level access to the host through covert means.
18. Skimming – is the act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. An example could be secretly reading data while in close proximity to a user on a bus.
19. Smart-card hijacking
20. Sniffer - (also called a packet sniffer) is a software tool for auditing and identifying network traffic packets.
21. Spamming - unsolicited commercial e-mail (UCE) sent to numerous addressees or newsgroups.
22. Spoofing - the ability to fool a biometric sensor into recognizing an illegitimate user as a legitimate user (verification) or into missing an identification of someone that is in the database.
23. Spyware - technologies deployed without appropriate user consent and/or implemented in ways that send away information about user activity without his/her acknowledgement.
24. SQL injection - is a way to cause database commands to be executed on a remote server. Such command execution can cause information leakage.
25. Trojans - Programmes which pretend to do one thing while actually they are meant for doing something different, like the wooden Trojan Horse of the 12th century BC.
26. Virus – A computer virus is program code that attaches itself to an application program and runs along with it when the application program runs. It typically has a detrimental effect, such as corrupting the system or destroying data.

27. War-dialing – is a recursive dialing of phone numbers from a modem-enabled PC in an attempt to locate other unadvertised modems resulting in unauthorized access into a computing or Process Control System domain.
28. War-driving - is the recursive searching for wireless access points in an attempt to access a communication network resulting in unauthorized access into a computing or control system domain.
29. Worms - is code that replicates itself and consumes the resources of a system to bring it down.
30. Zero-day exploit – is an attack against a software vulnerability that has not yet been addressed by the software maintainers. These attacks are difficult to defend against as they are often undisclosed by the vendor until a fix is available, leaving victims unaware of the exposure.

As per Verizon's 2014 Data Breach Investigations Report, 92% of cyber-attacks in the past 10 years can be linked to just nine basic attack patterns. The top threat patterns identified by the report are:

1.   Malware aimed at gaining control of systems
2.   Insider/privilege misuse
3.   Physical theft or loss
4.   Web app attacks
5.   Denial of service attacks
6.   Cyber espionage
7.   Point-of-sale intrusions
8.   Payment card skimmers
9.   Miscellaneous errors such as sending an email to the wrong person.

The scope and nature of threats and vulnerabilities is multiplying with every passing day.

Objectives of a cyber-attack

The objectives include the following four areas:

1.   Loss of data integrity, such that information could be modified improperly;
2.   Loss of data availability, where mission critical information systems are rendered unavailable to authorized users;
3.   Loss of data confidentiality, where critical information is disclosed to unauthorized users; and,
4.   Physical destruction, where information systems create actual physical harm through commands that cause deliberate malfunctions.

BENEFITS OF CYBER-ATTACKS

1.   They are easy to use with high degrees of anonymity and with plausible deniability, making them well suited for covert operations and for instigating conflict between other parties;
2.   They are more uncertain in the outcomes they produce, making it difficult to make estimates of deliberate and collateral damage; and
3.   They involve a much larger range of options and possible outcomes, and may operate on time scales ranging from tenths of a second to years and at spatial scales anywhere from “concentrated in a facility next door” to globally dispersed.

